VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-ykju-xjyz-aaag

Essentials
Severities (88)
References (40)
Severity details (35)
Exploits (1)
EPSS
History (0)

Vulnerability ID	VCID-ykju-xjyz-aaag
Aliases	CVE-2016-1646
Summary	The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.
Status	Published
Exploitability	2.0
Weighted Severity	8.4
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-119	Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-125	Out-of-bounds Read

System	Score	Found at
generic_textual	Medium	http://googlechromereleases.blogspot.com/2016/03/
cvssv3.1	8.8	http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html
generic_textual	Medium	http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html
ssvc	Attend	http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html
cvssv3.1	8.8	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html
ssvc	Attend	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html
cvssv3.1	8.8	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html
ssvc	Attend	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html
cvssv3.1	8.8	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html
ssvc	Attend	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html
generic_textual	Medium	http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1646.html
cvssv3.1	8.8	http://rhn.redhat.com/errata/RHSA-2016-0525.html
ssvc	Attend	http://rhn.redhat.com/errata/RHSA-2016-0525.html
rhas	Important	https://access.redhat.com/errata/RHSA-2016:0525
epss	0.28906	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.28906	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.28906	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.28906	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.28906	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.28906	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.28906	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.28906	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.28906	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.28906	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.66913	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.66913	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.66913	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.66913	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.66913	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.66913	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.66913	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.66913	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.66913	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.66913	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.66913	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.66913	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.66913	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.66913	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.67767	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.67767	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.67767	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.67767	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.67767	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.67773	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.67773	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.67773	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.67773	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.69302	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.71874	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.71874	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.71874	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.71874	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.71874	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.71874	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.71874	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.71874	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.71874	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.72695	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.72695	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.72695	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.72695	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.72695	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.72695	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.72695	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
epss	0.72695	https://api.first.org/data/v1/epss?cve=CVE-2016-1646
rhbs	high	https://bugzilla.redhat.com/show_bug.cgi?id=1321811
cvssv3.1	8.8	https://code.google.com/p/chromium/issues/detail?id=594574
ssvc	Attend	https://code.google.com/p/chromium/issues/detail?id=594574
cvssv3.1	8.8	https://codereview.chromium.org/1804963002/
ssvc	Attend	https://codereview.chromium.org/1804963002/
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1646
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1647
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1648
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1649
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1650
cvssv2	9.3	https://nvd.nist.gov/vuln/detail/CVE-2016-1646
cvssv3	8.8	https://nvd.nist.gov/vuln/detail/CVE-2016-1646
cvssv3	8.8	https://nvd.nist.gov/vuln/detail/CVE-2016-1646
cvssv3.1	8.8	https://nvd.nist.gov/vuln/detail/CVE-2016-1646
cvssv3.1	8.8	https://security.gentoo.org/glsa/201605-02
ssvc	Attend	https://security.gentoo.org/glsa/201605-02
generic_textual	Medium	https://ubuntu.com/security/notices/USN-2955-1
cvssv3.1	8.8	http://www.debian.org/security/2016/dsa-3531
ssvc	Attend	http://www.debian.org/security/2016/dsa-3531
cvssv3.1	8.8	http://www.securitytracker.com/id/1035423
ssvc	Attend	http://www.securitytracker.com/id/1035423
cvssv3.1	8.8	http://www.ubuntu.com/usn/USN-2955-1
ssvc	Attend	http://www.ubuntu.com/usn/USN-2955-1

Reference id	Reference type	URL
		http://googlechromereleases.blogspot.com/2016/03/
		http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html
		http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html
		http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html
		http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html
		http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1646.html
		http://rhn.redhat.com/errata/RHSA-2016-0525.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1646.json
		https://api.first.org/data/v1/epss?cve=CVE-2016-1646
		https://code.google.com/p/chromium/issues/detail?id=594574
		https://codereview.chromium.org/1804963002/
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1646
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1647
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1648
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1649
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1650
		https://security.gentoo.org/glsa/201605-02
		https://ubuntu.com/security/notices/USN-2955-1
		http://www.debian.org/security/2016/dsa-3531
		http://www.securitytracker.com/id/1035423
		http://www.ubuntu.com/usn/USN-2955-1
1321811		https://bugzilla.redhat.com/show_bug.cgi?id=1321811
cpe:2.3:a:google:chrome::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome::::::::
cpe:2.3:a:suse:package_hub:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:package_hub:-:::::::*
cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
cpe:2.3:o:debian:debian_linux:8.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
cpe:2.3:o:debian:debian_linux:9.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
cpe:2.3:o:opensuse:leap:42.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:::::::*
cpe:2.3:o:opensuse:opensuse:13.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:6.7:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:6.7:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
CVE-2016-1646		https://nvd.nist.gov/vuln/detail/CVE-2016-1646
RHSA-2016:0525		https://access.redhat.com/errata/RHSA-2016:0525
USN-2955-1		https://usn.ubuntu.com/2955-1/

Data source	KEV
Date added	June 8, 2022
Description	Google Chromium V8 Engine contains an out-of-bounds read vulnerability that allows a remote attacker to cause a denial of service or possibly have another unspecified impact via crafted JavaScript code. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required action	Apply updates per vendor instructions.
Due date	June 22, 2022
Note	https://nvd.nist.gov/vuln/detail/CVE-2016-1646
Ransomware campaign use	Unknown

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:19:02Z/ Found at http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:19:02Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:19:02Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:19:02Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://rhn.redhat.com/errata/RHSA-2016-0525.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:19:02Z/ Found at http://rhn.redhat.com/errata/RHSA-2016-0525.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://code.google.com/p/chromium/issues/detail?id=594574

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:19:02Z/ Found at https://code.google.com/p/chromium/issues/detail?id=594574

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://codereview.chromium.org/1804963002/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:19:02Z/ Found at https://codereview.chromium.org/1804963002/

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2016-1646

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-1646

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-1646

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-1646

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/201605-02

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:19:02Z/ Found at https://security.gentoo.org/glsa/201605-02

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.debian.org/security/2016/dsa-3531

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:19:02Z/ Found at http://www.debian.org/security/2016/dsa-3531

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.securitytracker.com/id/1035423

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:19:02Z/ Found at http://www.securitytracker.com/id/1035423

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.ubuntu.com/usn/USN-2955-1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:19:02Z/ Found at http://www.ubuntu.com/usn/USN-2955-1

Exploit Prediction Scoring System (EPSS)

Percentile	0.96966
EPSS Score	0.28906
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.